[Freeipa-users] Re: Migration from NIS, hashed passwords, "Pre-authentication failed: Invalid argument while getting initial credentials"

Mon, 20 Dec 2021 17:01:09 -0800 

I think that something else must be going on. I did a test where I added the 
clear-text password:
[root@ipa1 ~]# ipa user-del simon
--------------------
Deleted user "simon"
--------------------
[root@ipa1 ~]# ipa user-add simon --first=NIS --last=USER  --uid=1010 --gid=441 
--gecos='Simon Matthews' --homedir=/home/simon --shell=/bin/bash --password
Password: 
Enter Password again to verify: 
------------------
Added user "simon"
------------------
  User login: simon
  First name: NIS
  Last name: USER
  Full name: NIS USER
  Display name: NIS USER
  Initials: NU
  Home directory: /home/simon
  GECOS: Simon Matthews
  Login shell: /bin/bash
  Principal name: si...@sj.bps
  Principal alias: si...@sj.bps
  User password expiration: 20211221005503Z
  Email address: si...@sj.bps
  UID: 1010
  GID: 441
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True

Now to test that password:
[root@ipa1 ~]# ldapwhoami -Z  -H ldap://ipa1.sj.bps -D 
'cn=simon,cn=users,cn=accounts,dc=sj,dc=bps'  -W
Enter LDAP Password: 
ldap_bind: Invalid credentials (49)

The database has a password:
[root@ipa1 ~]# ldapsearch -D "cn=Directory Manager" -x -W -b 
uid=simon,cn=users,cn=accounts,dc=sj,dc=bps uid userPassword
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <uid=simon,cn=users,cn=accounts,dc=sj,dc=bps> with scope subtree
# filter: (objectclass=*)
# requesting: uid userPassword 
#

# simon, users, accounts, sj.bps
dn: uid=simon,cn=users,cn=accounts,dc=sj,dc=bps
uid: simon
userPassword:: e1NTSEE1MTJ9RnF3M1VpeEdmallFU1l4YVdRR2dCbFdUQnY0OExsKzNld1lJSzF
 UR015ci9WMkJ6TWxaQy9WSXVxUDJYVlRuMURMOVMxeEFpcVBqTFZZRWM4Z0R5cHdpcVNRZytBalZi

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1




_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to